﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Xml.Linq;
using System.Data.OracleClient;
using System.Collections.Generic;
public partial class login : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
    {
        String UserLoginID = Login1.UserName.ToString().Trim().Replace("'", "").Replace("=", "");
        String UserLoginPwd = Login1.UserName.ToString().Trim().Replace("'", "").Replace("=", "");
        String md5Pwd = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(UserLoginPwd, "md5").ToLower();
        String connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["OracleConnectionString"].ConnectionString;
        OracleConnection conn = new OracleConnection(connectionString);
        OracleCommand cmd = new OracleCommand();
        cmd.Connection = conn;
        conn.Open();
        cmd.CommandText = "select username,password from pgms_user_info where username=:uname and password=:pwd";
        cmd.Parameters.Add(":uname", OracleType.VarChar);
        cmd.Parameters[":uname"].Value = UserLoginID;
        cmd.Parameters.Add(":pwd", OracleType.VarChar);
        cmd.Parameters[":pwd"].Value = md5Pwd;
        try
        {
            OracleDataReader dr = cmd.ExecuteReader();
            if (!dr.HasRows)
            {
                e.Authenticated = false;
            }
            else
            {
                Session["UserLoginID"] = UserLoginID;
                Session["UserLoginPwd"] = UserLoginPwd;
                e.Authenticated = true;
                Response.Redirect("index.aspx");
            }
        }
        catch (Exception ex)
        {
            Response.Write("数据库错误，错误原因：" + ex.Message);
            Response.End();
        }

    }
}